Tyk v1.7 and Dashboard v0.9.5

@lonelycode lonelycode released this 23 Jun 11:11

Update: Dashboard 0.9.5.3

  • Hotfix for listen_path issues when adding a new API

Update: Dashboard 0.9.5.2

  • Fixes a compromise on editing the listen path in forced API defaults mode. The listen path is now editable again.

Update: Dashboard 0.9.5.1

  • Includes bug fix for very large data sets (stats not showing).

The full changelog for 1.7:

  • Open APIs now support caching, body transforms and header transforms
  • Added RPC storage backend for cloud-based support. The RPC server is built with valyala/gorpc; the signatures for the methods that need to be provided are in the rpc_storage_handler.go file (see the dispatcher).
  • Added oauth_refresh_token_expire setting in configuration, allows for customisation of refresh token expiry in OAuth flows
  • Changed refresh token expiry to be 14 days by default
  • Basic swagger file support on the command line: use --import-swagger=petstore.json to import a swagger definition. This will create a Whitelisted API.
  • Created quota monitoring for orgs and user keys, which uses a webhook. To configure it, update tyk.conf to include the global check rate and target data:
    "monitor": {
        "enable_trigger_monitors": false,
        "configuration": {
            "method": "POST",
            "target_path": "http://posttestserver.com/post.php?dir=tyk-monitor-test",
            "template_path": "templates/monitor_template.json",
            "header_map": {"x-tyk-monitor-secret": "12345"},
            "event_timeout": 10
        },
        "global_trigger_limit": 80.0,
        "monitor_user_keys": false,
        "monitor_org_keys": true
    }
  • It is also possible to add custom rate monitors on a per-key basis. SessionObject has been updated to include a "monitor" section which lets you define custom limits that trigger a quota event. Add this to your key objects:
    "monitor": {
        "trigger_limits": [80.0, 60.0, 50.0]
    }
  • If a custom limit is the same as a global one the event will only fire once. The output will look like this:
    {
        "event": "TriggerExceeded",
        "message": "Quota trigger reached",
        "org": "53ac07777cbb8c2d53000002",
        "key": "53ac07777cbb8c2d53000002c74f43ddd714489c73ea5c3fc83a6b1e",
        "trigger_limit": "80",
    }
  • Added response body transforms (JSON only). These use the same syntax as regular transforms and must be placed into the transform_response list. The transformer must also be registered under the new response_transforms list, otherwise it will not be activated.
    {
      name: "response_body_transform",
      options: {}
    }
  • Added Response middleware chain and interface to handle response middleware. Response middleware must be declared under response_processors, otherwise it is not loaded. Specifying options under the extended paths section will not be enough to enable response processors.
    {
      name: "header_injector",
      options: {
        "add_headers": {"name": "value"},
        "remove_headers": ["name"]
      }
    }
  • Added response header injection (uses the same code as the regular injector). Add your path definitions to the extended_paths.transform_response_headers field.
  • Added SupressDefaultOrgStore - uses a default redis connection to handle unfound Org lookups, this is merely patching a potential hole
  • Added support for Sentry DSN - monitoring can be added and enabled by adding to your tyk.conf:
    ...
    "use_sentry": true,
    "sentry_code": "https://your-dsn-string",
    ...
  • Modification: Analytics purger (redis) now uses redis lists, which is much cleaner, and the purge is a transaction, which means multiple gateways can purge at the same time safely without risk of duplication
  • Added enforce_org_data_age config parameter that allows for setting the expireAt in seconds for analytics data on an organisation level. (Requires the addition of a data_expires field in the Session object that is larger than 0)
  • Triggers are now available for dashboard/portal events. The target can be a webhook or email:
    api_event: {
      webhook: "http://posttestserver.com/post.php?dir=tyk-events",
      email: "[email protected]"
    },
    key_event: {
      webhook: "http://posttestserver.com/post.php?dir=tyk-key-events",
      email: "[email protected]"
    },
    key_request_event: {
      webhook: "http://posttestserver.com/post.php?dir=tyk-key-events",
      email: "[email protected]"
    }
  • Fixed bug: Basic auth users can now be created
  • Fixed bug: Basic Auth type can now be selected in API creation
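
On the receiving side of the quota monitor webhook configured above, the endpoint should check the shared-secret header from header_map before trusting the event. The following is an added example, not code from the Tyk project: the QuotaEvent type, the ParseMonitorRequest function, the TYK_MONITOR_SECRET variable, the /tyk-monitor path and the listen address are all hypothetical, and the field names are taken from the sample output in the changelog.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"io"
	"log"
	"net/http"
	"os"
)

// QuotaEvent mirrors fields of the sample "TriggerExceeded" output.
type QuotaEvent struct {
	Event        string `json:"event"`
	Org          string `json:"org"`
	Key          string `json:"key"`
	TriggerLimit string `json:"trigger_limit"`
}

// ParseMonitorRequest checks the shared-secret header, then decodes the event.
func ParseMonitorRequest(r *http.Request, secret string) (*QuotaEvent, int) {
	if r.Method != http.MethodPost {
		return nil, http.StatusMethodNotAllowed
	}
	got := r.Header.Get("x-tyk-monitor-secret")
	// An unset secret is refused: two empty strings would compare equal.
	if secret == "" || subtle.ConstantTimeCompare([]byte(got), []byte(secret)) != 1 {
		return nil, http.StatusUnauthorized
	}
	body, err := io.ReadAll(io.LimitReader(r.Body, 4096)) // cap the body size
	if err != nil {
		return nil, http.StatusBadRequest
	}
	var ev QuotaEvent
	if json.Unmarshal(body, &ev) != nil || ev.Event != "TriggerExceeded" {
		return nil, http.StatusBadRequest
	}
	return &ev, http.StatusOK
}

func main() {
	secret := os.Getenv("TYK_MONITOR_SECRET") // hypothetical variable name
	http.HandleFunc("/tyk-monitor", func(w http.ResponseWriter, r *http.Request) {
		ev, code := ParseMonitorRequest(r, secret)
		if ev != nil { // ev.Key is left out of the log: it may be a usable API key
			log.Printf("quota trigger %s%% reached for org %s", ev.TriggerLimit, ev.Org)
		}
		w.WriteHeader(code)
	})
	log.Fatal(http.ListenAndServe("127.0.0.1:8099", nil))
}
```

The header value only authenticates the sender if it is long, random and sent over TLS; with an http:// target_path like the one in the sample configuration, the secret and the event cross the network in clear text.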